Physical Unclonable Functions (PUF)

Updated 30 November 2025

PUF is a hardware security primitive that harnesses unpredictable manufacturing variations to generate unique challenge–response pairs for secure device authentication and key extraction.
It is implemented using diverse architectures—such as ring oscillators, arbiter circuits, and memristive devices—each offering trade-offs in response entropy, reliability, and resistance to modeling attacks.
Recent research focuses on enhancing PUF entropy, environmental robustness, and integration with quantum protocols to counter cloning and machine learning attacks.

A Physical Unclonable Function (PUF) is a hardware security primitive that exploits uncontrollable, irreproducible physical variations introduced during the manufacturing process to create a device-unique input–output mapping, typically realized as a challenge–response function. PUFs form the foundation for secure hardware authentication, device identification, secret key extraction, and anti-counterfeiting, with core requirements including uniqueness, unpredictability, unclonability, and reliability under environmental variation (Plaga et al., 2012, Plaga et al., 2015, Garcia-Bosque et al., 14 Feb 2024).

1. Theoretical Foundations and Formal Definitions

Physically Unclonable Functions are formally modeled as physical devices implementing a challenge–response function

$R = f(C; X)$

where $C$ is the digital (or analog) challenge, $X$ encompasses the random, static physical disorder arising during fabrication, and $R$ is the corresponding response (Nocentini et al., 2022, Garcia-Bosque et al., 14 Feb 2024). The defining property is that $f$ is inherently inseparable from the device’s security mechanism: the mapping from $C$ to $R$ cannot be duplicated or predicted without the specific physical instance (Plaga et al., 2015). The function $f$ must change non-trivially with its argument; formally, $\exists\, C,C'\in\mathcal{M}: f(C)\neq f(C')$ (Plaga et al., 2012).

PUFs are distinguished from related constructs, such as:

Conventional Unclonable Functions (CUFs): No challenge dependence; secrets are hidden solely by tamper resistance.
Physically Obfuscated Keys (POKs): Special case of a PUF with a single challenge.
Random Number Generators (RNGs): Output does not vary controllably with different challenges.
Controlled PUFs: PUFs with a tamper-resistant wrapper obscuring challenge–response pairs.

The PUF security goal can be either to prevent physical duplication (infeasibility of creating a physically identical token) or to prevent mathematical duplication (infeasibility of reproducing the same input–output mapping on different hardware) (Plaga et al., 2015).

2. Security Mechanisms and Classification

PUFs are classified by their security objectives and the mechanisms embedding their protection (Plaga et al., 2015, Plaga et al., 2012).

A. Security Objectives:

Simple Release: Outputs are released on a predetermined trigger or to specific addresses.
Timed Release: Output only occurs within a prescribed time after a challenge.
Duplication Resistance: Disallows either physical or mathematical cloning.

B. Security Mechanisms:

Complex-Structure on Production (CS): Security is derived from random physical complexity, e.g., semiconductor process variations.
No-Cloning Physics (NC): Security is grounded in physical law, e.g., quantum no-cloning theorem (quantum PUFs).
Cryptostorage: Security is provided by hiding secret responses among a large space of possible challenges, such that an adversary cannot feasibly exhaustively access them. Two implementations:
- Minimum Read-Out Time (MRT): The CRP space is so vast that attackers, within feasible access time $\Delta t_a$ , can only extract a negligible fraction of secrets ( $L = \Delta t_a/(N\cdot\Delta t_r)\ll1$ ).
- Challenge-Dependent Erasure (EUR): Any incorrect challenge irreversibly destroys the response, achieving information-theoretic security without storing an exponentially large secret.

Quantum PUFs realize the EUR mechanism natively, leveraging quantum measurement disturbance (Plaga et al., 2012, Galetsky et al., 2022).

3. Device Architectures: Representative Implementations

PUFs are instantiated through diverse physical architectures, each exploiting different forms of manufacturing disorder:

Device Type	Disorder Source	Notable Features and Metrics	Reference
Ring Oscillator	CMOS inverter delay variability	Inter-chip HD ≈ 0.5, intra-chip HD ≪ 0.1	(Garcia-Bosque et al., 14 Feb 2024)
Arbiter	Signal race timing randomness	Strong PUF; CRP truth table; ML-attackable	(Dumoulin et al., 28 Jun 2024)
Hybrid Boolean Net	Gate delays in chaotic ABNs	$N$ -bit CRP, $\mu_{inter}=0.40$ , $\mu_{intra}=0.05$	(Charlot et al., 2019)
UNBIAS	Delay path, implemented via RTL	Inter-FHD 45.1%, no layout constraints	(Wang et al., 2017)
Memristive (mrPUF)	Nano-crossbar memristor SHIC	CRP space $>10^{60}$ , ultra-low power, U~0.5	(Kavehei et al., 2013)
Lattice PUF	SRAM POK + LWE decryption	ML-resistance ( $2^{128}$ ), uniformity 49.98%	(Wang et al., 2019)
Photonic (HPUF)	Polymer/Liquid crystal disorder	All-optical, multi-level, $\sim$ 2× key capacity	(Nocentini et al., 2022)
SOT/STT-MRAM	Random magnetic domain states	Nonvolatility, BER <1%, HD~0.49, reconfigurability	(Finocchio et al., 2019)
Micromagnet-NV	Random micro-ferromagnetization	$10^4$ -bit, HD $_{inter}=0.49$ , BER~1%	(Kehayias et al., 2020)
ReRAM	Unformed cell analog V–I spread	BER 0.03%, HD $_{inter}$ =50.0%, low power	(Garrard et al., 3 Oct 2025)

Significance: Each architecture is engineered for trade-offs among response entropy, stability, area/power, and resistance to modeling or side-channel attacks (Garcia-Bosque et al., 14 Feb 2024, Plaga et al., 2015, Charlot et al., 2019, Wang et al., 2017, Garrard et al., 3 Oct 2025, Kavehei et al., 2013, Kehayias et al., 2020, Finocchio et al., 2019, Wang et al., 2019, Nocentini et al., 2022, Dumoulin et al., 28 Jun 2024).

4. Security Evaluation and Performance Metrics

PUF quality is formally quantified via metrics including:

Uniqueness (Inter-chip Hamming distance): $\mu_{inter} = (1/N) \sum_{i=1}^N [R_i \oplus R'_i]$ for responses $R$ , $R'$ from different chips. Ideal: 0.5 (Charlot et al., 2019, Garcia-Bosque et al., 14 Feb 2024, Wang et al., 2017, Garrard et al., 3 Oct 2025).
Reliability (Intra-chip Hamming distance): Reproducibility across reads, environmental changes. Ideal: 0.
Entropy (Min/Shannon): Counts number of unpredictable output bits. H $_{\min} \approx ½N2^N$ for HBN-PUFs; min-entropy per bit $\sim 1$ is ideal (Charlot et al., 2019, Garcia-Bosque et al., 14 Feb 2024, Kehayias et al., 2020).
Response Uniformity: Fraction of 1’s among all response bits; ideally 0.5 (Garrard et al., 3 Oct 2025, Kehayias et al., 2020, Finocchio et al., 2019, Charlot et al., 2019).
Bit Error Rate (BER): For challenge $c$ , $BER = (1/m) \sum_{i=1}^m HD(E(c), R_i(c))/n$ , with $E(c)$ the enrollment response (Garrard et al., 3 Oct 2025).
Diffuseness: Average difference in responses to different challenges on the same chip.
Resistance to Modeling Attacks: Quantified by test accuracy of best-known ML models; for lattice PUFs, accuracy is $<50.24\%$ after $10^6$ CRPs (Wang et al., 2019, Dumoulin et al., 28 Jun 2024, Wang et al., 2017, Charlot et al., 2019, Guo et al., 2017).

Environmental robustness is achieved via design (matching delay elements, self-compensating readout) or enrollment/bit-masking "cherry-picking" (discard unreliable bits) (Charlot et al., 2019, Wang et al., 2017, Finocchio et al., 2019, Garrard et al., 3 Oct 2025). For quantum PUFs, the no-cloning theorem guarantees security at a physical level, as any measurement by an adversary necessarily disturbs the quantum state (Plaga et al., 2012, Galetsky et al., 2022).

5. Applications: Authentication, Key Generation, Anti-Counterfeiting

PUFs are used as intrinsic hardware fingerprints for:

Authentication: Device registers responses to chosen challenges in enrollment. On authentication, supplied challenge and measured response are compared within a Hamming-distance threshold; False Acceptance (FAR) and False Rejection (FRR) are tuned via threshold selection (Garcia-Bosque et al., 14 Feb 2024, Shamsoshoara, 2019).
Key Extraction: Unclonable but noisy PUF responses are stabilized with error correction (helper data/fuzzy extractors), then processed with randomness extractors to yield cryptographic keys (Garrard et al., 3 Oct 2025, Garcia-Bosque et al., 14 Feb 2024, Wang et al., 2019).
Anti-Counterfeiting: Unique CRP tables are assigned to products; only legitimate hardware can regenerate registered responses, deterring counterfeiters (Nocentini et al., 2022, Garrard et al., 3 Oct 2025).
Lightweight Randomness Generation: Arbiter PUFs embedded in NFSRs produce high-speed, high-entropy true random number generators suitable for cryptographic protocols (Sadr et al., 2012).
Commutative Secure Computation: Some PUFs (e.g., barrel shifter PUF) enable symmetric key exchange without arithmetic, by commutative permutation of data entangled with physical randomness (Guo et al., 2017).

Quantum PUFs have also been proposed for multi-factor authentication protocols and quantum-secure applications (Galetsky et al., 2022, Plaga et al., 2012, Nocentini et al., 2022).

6. Entropy Analysis, Challenge–Response Scaling, and ML Resistance

The entropy and scalability of PUFs are governed by the size of the challenge space and the unpredictability of the CRP mapping:

Challenge–Response Cardinality ( $|\mathrm{CRP}|$ ): RO-PUFs can achieve $O(N^2)$ CRPs; strong PUFs (e.g., HBN-PUF, Lattice PUF, mrPUF) scale exponentially or super-exponentially, e.g., $2^{N2^N}$ for HBN-PUF at $N=512$ (Charlot et al., 2019, Wang et al., 2019, Kavehei et al., 2013).
Response Entropy and Correlations: Recent work provides closed-form expressions for conditional response entropy in APUFs, elucidating how knowledge of a few CRPs leaks information about others. The probability that two challenges produce the same response depends on architectural correlations and can be calculated for explicit entropy bin sizing (Dumoulin et al., 28 Jun 2024).
Resistance to ML Attacks: Architectures such as Lattice PUFs (reduction to LWE cryptosystem) have formal post-quantum security proofs; empirical attacks with neural nets, SVM, and logistic regression show accuracies no better than random guessing (Wang et al., 2019). In contrast, classical strong PUFs such as Arbiter and RO-PUFs are vulnerable to ML modeling if sufficient CRPs are exposed (Wang et al., 2017, Charlot et al., 2019, Dumoulin et al., 28 Jun 2024).

7. Future Directions and Open Challenges

Key research directions and challenges in PUF development include:

Entropy Amplification: Exploiting intrinsic physical chaos or disorder—e.g., HBN-PUFs, reconfigurable photonic HPUFs—to maximize unpredictability and CRP capacity (Charlot et al., 2019, Nocentini et al., 2022).
Modeling Hardness: Integration of cryptographic hard problems (e.g., LWE) as the core PUF function provides provable resilience against classical and quantum ML attacks (Wang et al., 2019).
Environmental and Aging Robustness: Multi-temperature enrollment, bit-masking, and error-correcting codes are necessary for practical deployment, with continued improvement needed for long-term stability (Charlot et al., 2019, Garrard et al., 3 Oct 2025, Finocchio et al., 2019, Wang et al., 2017).
Quantum-Enhanced PUFs: Leveraging quantum information properties for maximal unclonability and security, at the cost of increased hardware complexity and operational overhead (Plaga et al., 2012, Galetsky et al., 2022).
Composability and Protocol Integration: PUFs as primitives for higher-level authentication, secure key exchange/group key sharing in IoT, and cryptostorage—a new hardware-security primitive akin to cryptographic encryption (Zhang et al., 2018, Plaga et al., 2015).

The continuing evolution of fabrication technologies, advances in quantum hardware, and developments in hardware-intrinsic cryptography ensure that PUFs remain a central focus of both theoretical and applied hardware security research.